Microsoft IT uses telemetry from Windows Defender and System Center 2012 Endpoint Protection to help us proactively spot trends in malware behavior and identify top types of malware and triggers for a data-driven approach to mitigating attacks.